User Roles in WordPress

All You Need to Know About User Roles and Permissions in WordPress

by Aazar Ali Shad in security on July 14, 2019

From the moment when you give access to more people on your WordPress site, user roles will have crucial importance. Understanding what user roles exist and what are their permission will help you to organize your system better and make sure that no one has more “power” than you do.

Continue to read if you’re looking to:

  • Learn more about each of the six default user roles and their permissions.
  • Learn how to set up your user roles
  • Learn how to optimize your workflows with user roles

 

What are the user roles and why are they important?

User roles in WordPress define what actions, permissions and capabilities each of your users will have. 

They help you to define what are the responsibilities and capabilities of each of your coworkers and employees.

It’s crucial to define your user roles and assign responsibilities to each of your employees because:

  • They’re making your website more secure. Knowing what are the capabilities of each of your employees will not just suppress the undesired actions, but it will also make your head cooler. You won’t need to think about “what could happen” with your website and the progress you achieved.
  • They help you to define your workflows. Building a sustainable system will make your business a well-oiled machine. Knowing who does what will definitely save your time and energy.
  • It’s clear for your employees what they need to do. Having too many functions and capabilities you don’t need may be frustrating. So giving user roles to your employees will make their work more efficient, and they will easily navigate through your website.

Now when we understand the importance of setting up user roles in your WordPress, it’s time to see what are the 6 default user roles and their permissions.

 

6 default user roles and their permissions

 

There are 5 default user roles in WordPress you can choose from. In front of us, we listed their permissions, conditions and ways to create them.

1. Subscriber

Subscribers are the user role in WordPress with fewer capabilities than anyone else. Having that in mind, their WordPress dashboard is almost blank. They can’t write posts or edit some aspects of the website at all (except their personal profile).

The basic functions Subscriber have are to read posts, manage their profiles and have access to the gated content.

Because of all of this, not every WordPress website will use this role. It comes really handy if you have a subscription-based website or a gated-content for premium users.

For example, if you’re going to create a WordPress site like Airbnb, subscribers can be your vendors who are renting their spaces and houses.

Or, on the other hand, if you have your personal blog, and you have a gated content for people who provide you with their email address or pay a monthly subscription, they can have their own subscriber profile on your website.

 

2. Contributor

Contributor is the second-lowest user role in the WordPress hierarchy. Just like Subscriber, Contributor doesn’t have too many capabilities and permissions inside your website.

Contributors can only read all posts, write posts and edit (or delete) the posts they’ve created. They can’t even publish their own posts.

Keeping this in mind, Contributors user role in WordPress comes really handy if you have one-time or proactive contributors to your website.

For example, if you have a guest blogging policy, contributors can be people who are regularly writing guest blog posts for you.

Constantly sharing the guest blog posts drafts through Google Drive, and editing it from both sides can be annoying and time-consuming. Creating a contributor profile for your guest bloggers will help you to create a well-oiled system that works without any third-party websites or tools.

 

3. Author

The authors have a little bit more permissions in WordPress than contributors. They can read all posts, write (and edit), as well as publish their own articles.

The name “author” tells itself who is this user role for. It’s for the people who are regularly creating the content for your website. They can be either freelancers, employees or copywriters who have a regular contract with you.

With author role, they can prepare and publish the content, but can’t edit the pages or the content on the pages itself.

 

4. Editor

Editors have the way more capabilities and permissions than any already mentioned user role.

Long story short, editors are responsible for supervising authors and contributors. From that reason, this user role is very handy for someone who is responsible for your entire content or marketing strategies, such as content marketing managers or VPs of Growth.

Editors can edit pages, manage content, and write and publish posts. They can also edit posts that are created by someone else.

Editors can also moderate categories, links and edit profiles of your subscribers.

On the other hand, editors have some restrictions too. They can’t mess up with things that are directly correlated with the “functions” of the website, such as plugins, custom codes and other things.

These things only the Administrators can do.

 

5. Administrator

The administrator is on the top of WordPress’s hierarchy. It’s the biggest user role with all capabilities and permissions.

Administrators can either prepare and publish content, and also edit the pages, plugins, codes and the appearance of the website itself.

Administrators can also delete other user accounts or play with the website’s backend.

Having all of this in mind, administrators are usually the website owners or someone from the top management in your company.

This role is naturally assigned to you from the moment when you create your WordPress website.

Usually, there is only one administrator, but there can also be multiple administrators on one website. If needed, you can assign these permissions to someone else. But be careful, the administrator is the most powerful user role in WordPress – so only give this user role to someone you really trust. 

 

6. Super Administrator

There is another, more powerful user role than Administrator (but only certain occasions you can use this user role).

Super Administrator is designed for people who are running multiple websites that are directly correlated with each other.

Having this in mind, Super Administrator can do the same things as the regular administrator, but it can also add, change or delete the websites from the network.

When the super administrator user role exists, regular administrators for each of the WordPress sites you’re running will have a little bit fewer capabilities and permissions.

For example, once you assign the Super Administrator role to yourself or someone else, regular administrators can’t change the plugins, code or the appearance of the websites they’re running.

For better understanding, super administrators can decide what plugins should be used on the websites, while the regular administrators can just choose whether they want to activate them, or not.

As we mentioned, this user role comes really handy if you’re managing multiple websites.

Now when we know what are the 6 default user roles and their permissions in WordPress, let’s see how to create them.

 

How to set up user roles in WordPress

Assigning new user roles to your teammates (or users) is easy.

The first thing you need to do is to choose your “users” dashboard on the left menu in WordPress:

Now, you will see a sheet with all of the users you have and their permissions. To add a new user, just click on the “Add New” on the top:

The last step is in front of you. Just fill the blank boxes, choose the user role at the bottom, and your user is added!

The bottom line – choose your users carefully

As we could see, there are 5 most important (without super admin) user roles in WordPress. All of them can play a significant role in your website’s system.

Giving appropriate user roles to your teammates and users is more than essential. As we mentioned, it will keep you safe and make your website a well-oiled machine.

But, there are few things you need to keep in your mind that will help you to effectively apply user roles to your website:

  • Don’t give more permission to your user than they need – to keep their work crystal clean and to secure yourself, don’t give bigger user roles to the people if they don’t need them. For example, an content creator who still didn’t prooved himself should be satisfied with the subscriber role.
  • Don’t have more inappropriate user roles than you need – If you have a larger team, the best practice would be to keep some fixed number of user roles. For example, one administrator is enough to manage everything, a few editors would do the job (only the people whom you trust the most), writers who proved themselves can be authors, while new writers or guest bloggers can take the subscriber role. 
  • Use plugins to manage your user roles – There are various plugins you can use to manage, edit or create your own user roles if needed. Take advantage of that.

 

For the end, remember to carefully define what are the responsibilities and capabilities of each of your teammates. On that way, you will easily know what user role in WordPress is the best for them.

Remember, the user roles in WordPress will make your website secure from unappropriate attempts and your business to run smoothly.